package com.aspire.security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.validator.routines.UrlValidator;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

import com.aspirecn.core.commons.SecurityUtils;

public class XssValidateFilter implements Filter{

	private static Logger logger = Logger.getLogger(XssValidateFilter.class);

	public void destroy() {
		// TODO Auto-generated method stub
		
	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		HttpServletRequest httpRequest = (HttpServletRequest)request;
		HttpServletResponse httpResponse = (HttpServletResponse)response;
		
		String url = SecurityUtils.xssValidate(httpRequest, httpResponse);
		if( StringUtils.isNotBlank(url) && UrlValidator.getInstance().isValid(url) )
		{
			httpResponse.sendRedirect(url);
			return;
		}
		
		chain.doFilter(request, response);
	}


	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
		
	}
}
